Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/B223B458F23211EC9A7DB924C4F9AE02.roa
File:                     B223B458F23211EC9A7DB924C4F9AE02.roa (raw, json)
Hash identifier:          3cDVrKPKLzuO933AQM5wQWdGQ1Woj+L3ckYdTmOzBvg=
Subject key identifier:   18:79:27:8A:8C:ED:FA:92:9E:22:02:4D:CE:01:D8:6A:A7:90:5A:BF
Certificate issuer:       /CN=A91ADE0A/serialNumber=BE488B4E60AC6A73A656EFDBC5FA67A1A8DE812A
Certificate serial:       1FC6
Authority key identifier: BE:48:8B:4E:60:AC:6A:73:A6:56:EF:DB:C5:FA:67:A1:A8:DE:81:2A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vkiLTmCsanOmVu_bxfpnoajegSo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/B223B458F23211EC9A7DB924C4F9AE02.roa
Signing time:             Thu 21 Jul 2022 06:22:32 +0000
ROA not before:           Thu 21 Jul 2022 06:22:32 +0000
ROA not after:            Mon 01 May 2023 00:00:00 +0000
asID:                     133334
IP address blocks:        45.124.56.0/22 maxlen: 24
                          103.61.220.0/22 maxlen: 22
                          103.200.32.0/22 maxlen: 24
                          103.203.52.0/22 maxlen: 22
                          103.225.136.0/22 maxlen: 24
                          2401:b80::/32 maxlen: 32
                          2401:b80::/36 maxlen: 36
                          2401:b80:1000::/36 maxlen: 36
                          2401:b80:2000::/36 maxlen: 36
                          2401:b80:2000:2017::/64 maxlen: 64
                          2401:b80:3000::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8134 (0x1fc6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91ADE0A/serialNumber=BE488B4E60AC6A73A656EFDBC5FA67A1A8DE812A
        Validity
            Not Before: Jul 21 06:22:32 2022 GMT
            Not After : May  1 00:00:00 2023 GMT
        Subject: CN=62d8f0a7-0e68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bc:e7:d9:dd:80:62:f3:1a:cd:75:d9:21:27:
                    d0:bb:a8:ca:7a:3c:74:f4:c9:8f:e8:dc:ce:1d:72:
                    8f:3c:3b:90:7a:d7:d5:85:2a:c0:4e:17:0a:e2:22:
                    52:2d:c1:44:e0:ac:d2:47:ce:76:36:60:a1:f4:c4:
                    68:83:31:b7:56:da:76:52:42:6d:00:91:7f:47:19:
                    7d:56:2c:6a:5c:9f:d8:fa:0f:28:ea:b9:d7:23:2b:
                    d7:94:f0:12:a8:bd:4d:c7:b6:ff:dc:c7:f2:c0:01:
                    64:5d:55:b2:08:88:48:60:4f:13:01:78:ee:3f:a9:
                    56:37:96:6e:2e:d6:f3:8b:c0:7c:ad:1d:d3:4a:a1:
                    c7:c6:17:fc:8f:50:97:5b:f4:8d:fe:d0:4d:f4:c7:
                    52:20:46:73:20:b2:f3:db:44:64:a4:6b:b0:94:3f:
                    cd:15:49:17:49:c4:c9:98:44:c9:ab:b2:94:66:42:
                    7c:a4:47:95:77:17:3e:ff:33:04:ec:c9:a8:01:71:
                    96:fd:69:b2:57:cd:eb:0d:e7:78:ea:25:2b:cf:65:
                    0d:b8:e0:47:0b:d6:bd:df:25:cb:52:f6:74:e2:fd:
                    4e:97:02:07:55:fd:73:be:ba:2e:7a:ab:56:92:12:
                    82:f6:76:05:a3:d6:9a:04:36:37:08:61:6f:47:fc:
                    b4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:79:27:8A:8C:ED:FA:92:9E:22:02:4D:CE:01:D8:6A:A7:90:5A:BF
            X509v3 Authority Key Identifier:
                keyid:BE:48:8B:4E:60:AC:6A:73:A6:56:EF:DB:C5:FA:67:A1:A8:DE:81:2A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/vkiLTmCsanOmVu_bxfpnoajegSo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vkiLTmCsanOmVu_bxfpnoajegSo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/B223B458F23211EC9A7DB924C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.124.56.0/22
                  103.61.220.0/22
                  103.200.32.0/22
                  103.203.52.0/22
                  103.225.136.0/22
                IPv6:
                  2401:b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:34:27:31:63:54:29:27:28:e9:fd:95:81:81:cc:5a:fe:78:
         30:3e:b3:30:6f:a3:7c:37:ff:76:c7:6b:a2:22:e1:48:25:56:
         00:81:55:f8:4e:a3:8b:d1:9e:c6:14:64:e8:66:cb:e2:cc:42:
         47:54:5f:a3:0b:fe:f7:3d:1e:43:a1:51:26:64:fe:6c:7d:e1:
         d4:a9:07:80:7c:69:29:e4:a4:9e:7c:99:c8:6f:33:25:23:de:
         8e:f0:c7:aa:f1:1f:e6:c9:9f:e6:e1:87:a1:4b:fb:f1:9c:e7:
         eb:c9:7f:38:a6:0a:f9:34:02:a9:c0:51:da:7d:96:b7:95:39:
         ba:c8:a2:3e:61:68:3f:95:9c:fb:7b:5a:73:3c:65:64:80:6b:
         f3:5b:b1:63:5a:04:f9:11:e3:ea:db:11:8f:d8:8f:cf:21:c1:
         2f:0f:06:6b:1b:61:9f:d1:5e:2a:cf:60:48:c8:b2:67:66:aa:
         d0:8d:a9:73:9d:1a:2c:c5:f4:3a:2d:02:85:21:82:07:dd:84:
         0d:82:3f:1b:50:e8:c6:cb:b2:b3:db:a5:70:17:2d:a4:d4:8b:
         0f:a6:02:a1:9e:b8:76:8b:75:77:11:f0:3a:ae:a1:29:d1:9b:
         66:8d:20:3e:ad:1b:64:c4:5c:c9:06:4d:14:6a:14:9d:75:96:
         10:d7:dd:b5
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICH8YwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QURFMEExMTAvBgNVBAUTKEJFNDg4QjRFNjBBQzZBNzNBNjU2RUZEQkM1RkE2N0Ex
QThERTgxMkEwHhcNMjIwNzIxMDYyMjMyWhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmQ4ZjBhNy0wZTY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAorzn2d2AYvMazXXZISfQu6jKejx09MmP6NzOHXKPPDuQetfVhSrAThcK4iJS
LcFE4KzSR852NmCh9MRogzG3Vtp2UkJtAJF/Rxl9VixqXJ/Y+g8o6rnXIyvXlPAS
qL1Nx7b/3MfywAFkXVWyCIhIYE8TAXjuP6lWN5ZuLtbzi8B8rR3TSqHHxhf8j1CX
W/SN/tBN9MdSIEZzILLz20RkpGuwlD/NFUkXScTJmETJq7KUZkJ8pEeVdxc+/zME
7MmoAXGW/WmyV83rDed46iUrz2UNuOBHC9a93yXLUvZ04v1OlwIHVf1zvroueqtW
khKC9nYFo9aaBDY3CGFvR/y0AQIDAQABo4ICvDCCArgwHQYDVR0OBBYEFBh5J4qM
7fqSniICTc4B2GqnkFq/MB8GA1UdIwQYMBaAFL5Ii05grGpzplbv28X6Z6Go3oEq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBREUwQS8zMEQ4MDEyNkMx
MTMxMUU1QjAxQTcyNjlDNEY5QUUwMi92a2lMVG1Dc2FuT21WdV9ieGZwbm9hamVn
U28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ZraUxUbUNzYW5PbVZ1X2J4ZnBub2FqZWdTby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QURFMEEvMzBEODAxMjZDMTEzMTFFNUIwMUE3MjY5QzRGOUFFMDIvQjIyM0I0NThG
MjMyMTFFQzlBN0RCOTI0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAItfDgDBAJnPdwDBAJnyCADBAJnyzQDBAJn4YgwDQQCAAIw
BwMFACQBC4AwDQYJKoZIhvcNAQELBQADggEBAAM0JzFjVCknKOn9lYGBzFr+eDA+
szBvo3w3/3bHa6Ii4UglVgCBVfhOo4vRnsYUZOhmy+LMQkdUX6ML/vc9HkOhUSZk
/mx94dSpB4B8aSnkpJ58mchvMyUj3o7wx6rxH+bJn+bhh6FL+/Gc5+vJfzimCvk0
AqnAUdp9lreVObrIoj5haD+VnPt7WnM8ZWSAa/NbsWNaBPkR4+rbEY/Yj88hwS8P
BmsbYZ/RXirPYEjIsmdmqtCNqXOdGizF9DotAoUhggfdhA2CPxtQ6MbLsrPbpXAX
LaTUiw+mAqGeuHaLdXcR8DquoSnRm2aNID6tG2TEXMkGTRRqFJ11lhDX3bU=
-----END CERTIFICATE-----